Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 23, 2021, 5:15 p.m.	Sept. 23, 2021, 5:17 p.m.

Size	6.3MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`b8a2adb46798ea4ac7961ed4af59bd08`
SHA256	`c8b2d7766554c5e276f4dcd011f0856603dc8b42895ba60c1e0fba270df616ee`
CRC32	`6E7A3579`
ssdeep	`98304:5ZZjE6aoN9zy7pFo//7XLl+T8MWbvq/U/7IyjfXAlCda2iTCsAnNRzu5WJ7hAx2S:5re49eHczXLl+qCK7NXQ2i5AnNtuj0E`
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
896
- tricar.exe "C:\Users\test22\AppData\Local\Temp\bengal\tricar.exe"
  1636
- valinevp.exe "C:\Users\test22\AppData\Local\Temp\bengal\valinevp.exe"
  2344

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 23, 2021, 5:15 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (50 out of 65539 events)

Time & API	Arguments	Status
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefde3a49d tricar+0x472dc2 @ 0x13fbc2dc2 tricar+0x5180b1 @ 0x13fc680b1 HeapWalk-0x1ce0 kernel32+0x0 @ 0x77200000 0x17fb58 0x17fb58 0x17fb58 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 42141 exception.address: 0x7fefde3a49d registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 1569872 registers.rsi: 2006858448 registers.r10: 0 registers.rbx: 0 registers.rsp: 1571680 registers.r11: 514 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 1571704 registers.rdi: 5359796224 registers.rax: 2008818375 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73501000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76ec1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e21000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73311000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x733c2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 1636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000779f7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 1636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077950000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77b7f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77af0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000c0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000ba000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000ba000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000ba000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 23, 2021, 5:15 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000ba000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Users\test22\AppData\Local\Temp\bengal\valinevp.exe
file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Users\test22\AppData\Local\Temp\nsg7D19.tmp\UAC.dll
file	C:\Program Files (x86)\foler\olader\acledit.dll
file	C:\Users\test22\AppData\Local\Temp\bengal\tricar.exe
file	C:\Program Files (x86)\foler\olader\adprovider.dll

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\nsg7D19.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\bengal\valinevp.exe

Expresses interest in specific running processes (1 event)

process

system

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Checks for the presence of known windows from debuggers and forensic tools (12 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: Registry Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: File Monitor - Sysinternals: www.sysinternals.com window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Sept. 23, 2021, 5:15 p.m.	class_name: Process Monitor - Sysinternals: www.sysinternals.com window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Tries to unhook Windows functions monitored by Cuckoo (1 event)

Time & API	Arguments	Status	Return	Repeated
__anomaly__ Sept. 23, 2021, 5:15 p.m.	tid: 1164 message: Encountered 65537 exceptions, quitting. subcategory: exception function_name:	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Sept. 23, 2021, 5:15 p.m.	information_class: 76 (SystemFirmwareTableInformation)		3221225507	0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Sept. 23, 2021, 5:15 p.m.	stacktrace: exception.instruction_r: ed e9 99 2a 05 00 c3 e9 e3 d7 05 00 ee 5c 75 5f exception.symbol: valinevp+0x37dfa8 exception.instruction: in eax, dx exception.module: valinevp.exe exception.exception_code: 0xc0000096 exception.offset: 3661736 exception.address: 0x41dfa8 registers.esp: 11402128 registers.edi: 12201616 registers.eax: 1447909480 registers.ebp: 823296 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 1043429 registers.ecx: 10	1	0	0

File has been identified by 37 AntiVirus engines on VirusTotal as malicious (37 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.b8a2adb46798ea4a
ALYac	Gen:Trojan.Heur.D.MMW@d4iaC4ki
Malwarebytes	Malware.AI.753280343
Zillya	Backdoor.Agent.Win32.81144
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 0056e5201 )
K7GW	Trojan ( 0056e5201 )
Cybereason	malicious.46798e
Cyren	W32/Kryptik.FHH.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Trojan-Banker.Win32.ClipBanker.gen
BitDefender	Gen:Variant.Razy.920754
NANO-Antivirus	Virus.Win32.Gen-Crypt.ccnc
Avast	Win64:MiscX-gen [PUP]
Tencent	Win32.Trojan-banker.Clipbanker.Phgc
Emsisoft	Gen:Variant.Razy.920754 (B)
McAfee-GW-Edition	BehavesLike.Win32.Generic.vc
Sophos	Generic ML PUA (PUA)
Webroot	W32.Malware.Gen
Avira	TR/Kryptik.mgadk
ZoneAlarm	HEUR:Trojan-PSW.Win32.Coins.gen
GData	Win32.Trojan.BSE.HLJWVB
AhnLab-V3	Trojan/Win.Generic.R441088
McAfee	Artemis!B8A2ADB46798
MAX	malware (ai score=86)
VBA32	BScope.Backdoor.Agent
Rising	Trojan.Generic@ML.100 (RDML:OGMo6eQGimkboVf0yBe92A)
SentinelOne	Static AI - Malicious PE
BitDefenderTheta	AI:Packer.8E2B315B1E
AVG	Win64:MiscX-gen [PUP]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_70% (W)

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All